Maintenance Addendum Check Point Software Technologies Incorporated VPN-1/FireWall-1 NGX (R60)

1 Introduction

On 28 September 2005, Electronic Warfare Associates-Canada (EWA-Canada) submitted an Impact Analysis Report to the CCS Certification Body on behalf of Check Point Software Technologies Incorporated, the developer of the Check Point Software Technologies Incorporated VPN-1/FireWall-1 NGX (R60) product. The Impact Analysis Report is intended to satisfy requirements outlined in version 1.0 of the Common Criteria document CCIMB-2004-02-009: Assurance Continuity: CCRA Requirements. In accordance with those requirements, the Impact Analysis Report (IAR) describes the changes made to Check Point Software Technologies Incorporated VPN-1/FireWall-1 NGX (R60) (the maintained Target of Evaluation), the evidence updated as a result of the changes and the security impact of the changes.

2 Description of changes

The changes listed in the IAR include changes made from R55 with HFA_14 of the Check Point Software Technologies Incorporated VPN-1/FireWall-1 to NGX (R60).

The following characterizes the changes implemented in the Check Point Software Technologies Incorporated VPN-1/FireWall-1 NGX (R60). For each change, it was verified that there were no required changes to the security functional requirements in the ST, and thorough functional and regression testing was conducted by the developer to ensure that the assurance in the Target of Evaluation (TOE) was maintained. The changes in Check Point Software Technologies Incorporated VPN-1/FireWall-1 NGX (R60) comprise software changes that:

• restore the expected functionality of the product (bug fixes);
• update third party components included in the product;
• add functionality to portions of the product not included in the scope of the original evaluation;

3 Description of Changes to the IT Environment

There were no changes included for the underlying IT environment for the VPN-1/FireWall1 NGX R60.

4 Affected developer evidence

Modifications to the product necessitated changes to a subset of the developer evidence that was previously submitted for the TOE. The set of affected developer evidence was identified in the IAR, and revised versions of all affected developer evidence were submitted.

Modifications to the security target were made to reflect the new product version.

5 Conclusions

All changes to the TOE were features changes and isolated corrections to the product. Through functional and regression testing of the Check Point Software Technologies Incorporated VPN-1/FireWall-1 NGX (R60), assurance gained in the original TOE certification was maintained. As all of the changes to the TOE have been classified as minor, it is the conclusion of the CB that the maintained TOE is appropriate for assurance continuity and re-evaluation is not required.

6 References

Assurance Continuity: CCRA Requirements, CCIMB-2004-02-009, version 1.0, February 2004

Technical Oversight for Assurance Continuity of a certified TOE, version 1.0, 18 June 2004

Certification Report for EAL4 Evaluation of Check Point Software Technologies Incorporated VPN-1/FireWall-1 Next Generation Feature Pack 1